Supporting cybersecurity education and training via LMS integration: CyLMS
- 103 Downloads
Cybersecurity education and training are being conducted on an ever-increasing scale, as most organizations need to improve their readiness in dealing with the more and more frequent cyberattacks. However, most systems used for such education and training purposes are built from scratch, are highly customized, and often proprietary. This is true especially for complex activities that include hands-on practice, such as Capture The Flag (CTF) competitions and realistic cyber range training. Moreover, the specificities of these platforms create an important overhead, both for instructors, who need to develop training content and learn how to use them, and also for trainees, who need to each time adjust to a different platform. In this paper, we present our approach of integrating cybersecurity training activities, both for technical and awareness training, with Learning Management Systems (LMSs). In particular, our system—named CyLMS—provides integration from content point of view with most LMSs through the use of the SCORM format for packaging the training content. Moreover, additional CyLMS modules make possible a tighter integration with the Moodle LMS, a widely-used e-learning platform, for tasks such as automatic activity management and hands-on environment access. In this way, both instructors and trainees benefit from standard interfaces for checking the training content, answering questions, managing the results, etc. The paper includes an evaluation of CyLMS from a functionality, user and performance perspectives that demonstrates its applicability to actual training activities. While so far we have only used CyLMS in the cybersecurity context, the platform is sufficiently generic to be applied to other education activities, as a learning content management tool that facilitates training content creation and sharing.
KeywordsCybersecurity education Learning content management Learning management system Hands-on training Cyber range
The authors would like to thank Muhammad Harith bin Noor Azam for the initial implementation of content management via moosh, and Masanori Sunagawa for the prototype implementation of remote desktop access via noVNC. This work was supported by JSPS KAKENHI Grants Number 17K00478 and 17K00479.
- Advanced Distributed Learning (ADL) Initiative: SCORM Overview. https://www.adlnet.gov/scorm.
- Cyber Range Organization and Design (CROND). GitHub Repository for CyLMS. https://github.com/crond-jaist/cylms.
- DBpedia Association: DBpedia Website. https://wiki.dbpedia.org/.
- Evans, C. (2017). The Official YAML Website. http://www.yaml.org/.
- Ghiglieri, M., & Stopczynski, M. (2016). Seclab: an innovative approach to learn and understand current security and privacy issues. In Proceedings of the 17th Annual Conference on Information Technology Education (SIGITE ‘16) (pp 67–72).Google Scholar
- IMS Global Learning Consortium: Learning Tools Interoperability Website. http://www.imsglobal.org/activity/learning-tools-interoperability.
- Jeffrey, C. tty.js: A terminal for your browser, using node/express/socket.io. https://github.com/chjj/tty.js/.
- Noor Azam, Md.H., & Beuran, R. (2018). Usability evaluation of open source and online capture the flag platforms. Tech. Rep. IS-RR-2018-001 Japan advanced institute of science and technology (JAIST).Google Scholar
- Muras, T. Moosh Official Website. https://moosh-online.com/.
- National Institute of Information and Communications Technology, Japan: Cyber Defense Exercise with Recurrence (CYDER) (in Japanese). https://cyder.nict.go.jp/.
- noVNC Development Team. noVNC: HTML VNC Client Library and Application. https://github.com/novnc/noVNC.
- Rustici Software: Sample SCORM Packages. https://scorm.com/scorm-explained/technical-scorm/golf-examples/.
- Sancristobal, E., Castro, M., Harward, J., Baley, P., DeLong, K., Hardison, J. (2010). Integration view of web labs and learning management systems. In Proceedings of IEEE EDUCON 2010 Conference (pp. 1409–1417).Google Scholar
- SANS Institute: SANS NetWars Training Courses. https://www.sans.org/netwars/.
- Scarfone, K., Souppaya, M., Cody, A., Orebaugh, A. (2008). National institute of standards and technology – technical guide to information security testing and assessment.Google Scholar
- Soceanu, A., Vasylenko, M., Gradinaru, A. (2017). Improving cybersecurity skills using network security virtual labs. In: Proceedings of International MultiConference of Engineers and Computer Scientists (IMECS 2017).Google Scholar
- Tan, Z., Hasegawa, S., Beuran, R. (2018). Concept map building from linked open data for cybersecurity awareness training. In Proceedings of the Japanese society for artificial intelligence (JSAI) special interest group on advanced learning science and technology workshop (SIG-ALST83) (pp. 1–6).Google Scholar
- Tang, D., Pham, C., Chinen, K., Beuran, R. (2017). Interactive cybersecurity defense training inspired by web-based learning theory. In Proceedings of the IEEE 9th international conference on engineering education (ICEED 2017) (pp. 103–108).Google Scholar
- The Moodle Project: AIKEN Format. https://docs.moodle.org/en/Aiken_format.
- The Moodle Project: GIFT Format. https://docs.moodle.org/en/GIFT_format.
- The Moodle Project: Moodle XML Format. https://docs.moodle.org/en/Moodle_XML_format.